CVE-2006-2949
https://notcve.org/view.php?id=CVE-2006-2949
Cross-site scripting (XSS) vulnerability in private.php in MyBB 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the do parameter.
• http://secunia.com/advisories/20492
• http://www.securityfocus.com/archive/1/436286/100/0/threaded
• http://www.securityfocus.com/bid/18297
• http://www.vupen.com/english/advisories/2006/2190
• https://exchange.xforce.ibmcloud.com/vulnerabilities/26994
CVE-2006-2589
https://notcve.org/view.php?id=CVE-2006-2589
SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. NOTE: it is not clear from the original report how this attack can succeed, since the demonstration URL uses a variable that is overwritten with static data in the extracted source code.
• http://securityreason.com/securityalert/952
• http://www.securityfocus.com/archive/1/434728/100/0/threaded
• https://exchange.xforce.ibmcloud.com/vulnerabilities/28520
CVE-2006-2333
https://notcve.org/view.php?id=CVE-2006-2333
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.1 allow remote attackers to execute arbitrary SQL commands via the e-mail address when registering for a forum that requires e-mail verification, which is not properly handled in (1) usercp.php and (2) member.php.
• http://myimei.com/security/2006-05-07/mybb111email-verification-in-user-activation-sql-injection-attack.html
• http://securityreason.com/securityalert/885
• http://www.securityfocus.com/archive/1/433231/100/0/threaded
• https://exchange.xforce.ibmcloud.com/vulnerabilities/26545
CVE-2006-2336 – MyBB 1.1.1 - 'showthread.php' SQL Injection
https://notcve.org/view.php?id=CVE-2006-2336
SQL injection vulnerability in showthread.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter.
• https://www.exploit-db.com/exploits/27843
• http://securityreason.com/securityalert/884
• http://www.osvdb.org/25674
• http://www.securityfocus.com/archive/1/433564/100/0/threaded
• http://www.securityfocus.com/bid/17904
• https://exchange.xforce.ibmcloud.com/vulnerabilities/26376
CVE-2006-2103
https://notcve.org/view.php?id=CVE-2006-2103
SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the (1) query string ($querystring variable) in (a) admin/adminlogs.php, which is not properly handled by adminfunctions.php; or (2) setid, (3) expand, (4) title, or (5) sid2 parameters to (b) admin/templates.php.
• http://secunia.com/advisories/19865
• http://securityreason.com/securityalert/808
• http://www.osvdb.org/25074
• http://www.osvdb.org/25075
• http://www.securityfocus.com/archive/1/432229/100/0/threaded
• http://www.vupen.com/english/advisories/2006/1566
• https://exchange.xforce.ibmcloud.com/vulnerabilities/26103
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')